Score:1

Are PGP messages susceptible to man-in-the-middle attack?

pl flag
Lee

Say Alice wants to send a PGP encrypted message to Bob.
She generates a symmetric key, encrypts it with Bob's public key, and sends both the message and the encrypted symmetric key to Bob. Then Bob is able to decrypt her message.
But what if a MiTM attacker modifies both the encrypted symmetric key, and the message, and send them to Bob?
Isn't the attacker able to tamper with the original message? What am I understanding wrong?

kelalaka avatar
in flag
Digital certificates? or get the public key?
pl flag
Lee
@kelalaka Bob's public key is public to everyone, so the attacker can use it as well. How do you involve digital certificates?
kelalaka avatar
in flag
Did you forget to sign the messages? https://web.archive.org/web/20080702073337/http://www.pgpi.org/doc/pgpintro/
pl flag
Lee
@kelalaka You do sign the messages, but the attacker can also sign their own message, and yet the receiver would be able to decrypt the message of the attacker (since it was encrypted with the public key of the receiver)
kelalaka avatar
in flag
When you check the signature of the message what will you see? Do you know what is a digital signature? It requires the owner's private key to sign and public key to verify. When you get a message from Bob, you check the existence of Bob's public key or get it from a trusted directory,,. If the signature is not verified with Bob's public key then either the file is corrupted or someone is attempting a forgery...
kr flag
@Lior: *but the attacker can also sign their own message* - No. The attacker **cannot** sign, because doesn't have the private key of the Alice. If the attacker signs with own key, then Bob will see, that the signature does not belong to Alice.
Score:1
in flag

The reason why this is not possible is, as the others have stated, that a signed message cannot be forged. Of course, an attacker is able to sign any message, but only with a private key belonging to their own public key / certificate.

So what happens is that:

  1. Alice signs the message with her private key, indicating her public key / certificate;
  2. Alice encrypts the signed message with Bob's public key (as PGP uses sign-then-encrypt);
  3. Bob receives the message and decrypts it using his private key;
  4. Bob gets the key ID of Alice and looks up her public key / certificate, finding out it is her;
  5. Bob verifies that the signature under the message is that of Alice.

Now Malory (the MitM using the normal names) can obviously send encrypted messages to Bob, however she cannot decrypt the message of Alice as she doesn't have Bob's private key.

With regards to signature generation: Malory could put down her own signature and change the ID but then the message would not be from Alice.

Of course this does require that the public key / certificate of Alice is known and trusted in advance by Bob, otherwise Malory could create a key pair and send the public key / certificate to Bob, impersonating Alice. With PGP that trust is created using a web of trust.

As that web of trust has never been all that secure for PGP, it is highly recommended to establish trust directly, e.g. by mailing the certificate and then verifying the key fingerprint over the phone. PGP has been designed with this in mind (e.g. establishing an easy to verify fingerprint system and requiring explicit trust of the public keys / certificates within the trust store).

Maarten Bodewes avatar
in flag
Beware that PGP is an old protocol; attacks exist and newer protocols may offer better security.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.